2. Agenda
o Cyber crime β overview
o Understand the risk
o Cyber insurance
β What does it cover?
β Additional benefits
β Possible placements
o Understand the policy
o Decision time β Insurance?
3. Cyber crime - overview
o Cyber crime is, primarily, conducted for 4 reasons
β Obtaining confidential personal information β then often sold for
profit but can be politically motivated
β Direct financial crime β transfer of money, etc from accounts
β Botnet β utilising the infected device to conduct Distributed Denial
of Service attacks
β Political β βhacktavismβ, state sponsored attacks aimed at
Governments and agencies
o Cyber crime is increasing exponentially
β Circa US$450billion arising from cyber crime in 2016
β Estimated to increase to US$2trillion by 2019
4. Understand the risk
o Treat cyber the same as any other risk the
business faces
o Identify the risks around cyber specific to the
business
o Assess the mitigating factors to those risks
o Quantify the risks
o Then, and only then, consider insurance
6. What does it cover?
o Loss of profit
β Loss of net profit and extra
expenses incurred
o Fines and Penalties
β Imposed by regulatory bodies,
where permissible by law
o Restoration Costs
β Costs incurred in restoring,
replacing or recollecting data
o Breach Response Costs
β Costs associated with notification,
credit monitoring to the affected
individuals
o Forensic Costs
β Costs incurred in investigating
and analysing how the breach
occurred
o Public Relations costs
o Extortion
β Expenses incurred in evaluating
an extortion threat and potential
payment of the βransomβ
7. Additional benefits
o Access to a pre-agreed
panel of experts including
β Breach response
teams
β Public Relations firms
β Forensic experts
β Legal support
o Pre and post loss
assessments, at a cost
β Identification of
weaknesses
β Recommendations
β Provided through the
insurers panel of
experts
8. Possible Placements
Conventional β protects the
Insured for costs incurred
Alternative β provides access to the
experts but mitigates cost by significant
retention
9. Understand the policy
o What does the policy cover, and what does it not?
o Stress test the policy with likely scenarios
o Adapt the policy to meet your exposures
o Understand what access to experts sits behind the
policy
10. Decision Time β Insurance?
o Are your exposures mitigated adequately? Is insurance
the best solution?
o Are you and the insurer aligned to how to manage an
incident
o Ensure full disclosure β share your findings with
insurers
o Do adapt the limit and excess to meet your budget
constraint but critically your potential exposure
o Price is important, but cover is critical